Roxio Toast Titanium 10.0.1 Update Released

Posted by:
Date: Wednesday, February 25th, 2009, 09:34
Category: Software

toastlogo.jpg
Late Wednesday night, Roxio released version 10.0.1 of its Toast Titanium authoring software. The new version, available here, adds the following fixes and changes:

  • Improved handling of AIFF audio files.
  • Resolves issue where some users may be unable to add audio to Music DVD project.
  • Resolves issue where creating Audiobook project may result in -35 error.
  • Resolves issue where users may be unable to remove video from appearing in the Web Video Media Browser view.
  • Resolves issue that may occur when creating disc images so that users are not prompted for additional information.
  • Resolves crash that may occur when opening audio projects saved in a previous version of Toast.
  • Audiobook projects will be split automatically if they become larger than iTunes is able to play back.
  • AVCHD Archive discs created from memory card-based cameras should now play correctly on Blu-ray players.
  • Toast 10 Titanium requires Mac OS X 10.4 or later to install and run and retails for US$99.99.
    If you’ve tried the update and have any feedback about it, let us know in the comments or forums.

    (more…)

    Apple Releases Safari 4 Public Beta

    Posted by:
    Date: Tuesday, February 24th, 2009, 09:05
    Category: Software

    safarilogo.jpg
    Apple announced the release of the Safari 4 public beta on Tuesday. According to Mac Observer, the new version of the browser includes the Nitro JavaScript Engine, faster JavaScript 4.2 processing speeds and a long list of new features including Cover Flow browsing for history and bookmarks.
    The browser also includes Accessible Rich Interactive Applications, full page zoom support, CSS effects and CSS Canvas support, HTML 5 offline support, offline database support, and smart search recommendations. Other new features include a new Web Inspector, a page elements view, a JavaScript debugger, a page resources view, and more.
    The Safari 4 public beta requires Mac OS X 10.5.6 or later on Leopard or Mac OS X 10.4.11 or later on Tiger as well as Security Update 2009-001 to install and run. The browser is available for both Mac and Windows as a free download.
    If you’ve tried the new version and have any feedback on it, hit us up in the comments, forums or drop me a line at chris @ powerpage.org.

    (more…)

    EMC Releases Retrospect 8 Beta 4

    Posted by:
    Date: Friday, February 20th, 2009, 07:47
    Category: Software

    retrospect8box.jpg
    EMC Corporation on Friday released the fourth public beta of Restrospect 8.0 its long-standing backup and recovery software for the Mac. The new beta consists of the following new features and changes:

  • Stability has been greatly improved, and this build should feel much better.
  • Proactive Backup (old Backup Server) monitoring is now functional, and the Pause/Run/Resume buttons now work as expected.
  • Email notification is working as designed now.
  • Repair and Rebuild Catalog functionality has been added.
  • It is now possible to set a password for the Retrospect engine by going to Preferences>General and clicking the Change Server Password button. Once you set/change the password, you will need to remove the Retrospect engine from the sidebar and re-add it using the new password.
  • Partial archiving of Time Machine data has been added. Retrospect 8.0 cannot restore a functioning Time Machine volume, but it can restore files backed up from a Time Machine volume to any non-Time Machine volume.
  • Backup and restore activities can now be previewed when using the Backup and Restore Assistants.
  • The restore files and folders workflow now has an option to restore to a new folder. When choosing this option, Retrospect may incorrectly warn you on the summary page that all other files will be deleted from the destination. This is not the case.
  • Media request notifications have been improved.
  • Several bugs related to rules (selectors) have been fixed; a handful may still remain.
  • The Retrospect 8.0 beta is currently available as a 29.7 megabyte download and requires Mac OS X 10.4 or later to install and run.
    Retrospect 8.0 is expected to ship in the first quarter in three versions: Desktop 3-User (US$129 new or US$59 as an upgrade), Single Server (US$809 or US$539), and Multi Server (US$1,669 or US$939). Users who purchased a new Retrospect 6.1 license on or after January 14, 2008 will receive a free upgrade.
    Let us know what you think in the comments or forums.

    (more…)

    Adium X Updated to 1.3.3

    Posted by:
    Date: Friday, February 20th, 2009, 07:07
    Category: Software

    adiumducky.gif
    Adium, the open source instant message chat client with support for multiple programs (including AOL Instant Messenger, ICQ, Jabber, MSN, Yahoo! Google Talk, Bonjour, etc.) has been updated to version 1.3.3.
    The new version, a 23.4 megabyte download, sports the following major fixes and changes listed here.
    Adium X is available for free and requires Mac OS X 10.4 or later to run. The program functions as a Universal Binary and runs at native speeds on both PowerPC and Intel-based hardware.
    If you’ve tried the new build and have any feedback, positive or negative, let us know in the comments or forums.

    (more…)

    Cocktail 4.3.1 Leopard Edition Released

    Posted by:
    Date: Friday, February 20th, 2009, 07:43
    Category: Software

    cocktaillogo.jpg
    On Friday, shareware developer Maintain released version 4.3.1 of Cocktail (Leopard Edition), Cocktail, the popular shareware utility program that allows for additional Mac OS X system tests.
    The new version, a 1.8 megabyte download, adds the following fixes and changes:

  • Addresses an issue in which Cocktail may stop responding during a scheduled clearing of system caches.
  • Added clearing of the trojan Lamzev.A and the worm Inqtana.A.
  • Minor improvements on the clear potentially harmful files procedure.
  • Cocktail 4.3 retails for a US$14.95 shareware registration fee and requires Mac OS X 10.5 or later to run.
    If you’ve tried the new version and have any kind of feedback about it, let us know in the comments or forums.

    (more…)

    CoolBook Updated to 2.13, Receives Unibody MacBook Support

    Posted by:
    Date: Monday, February 16th, 2009, 08:30
    Category: Software

    coolbook.jpg
    Over the weekend, developer Magnus Lundholm released CoolBook 2.13, the latest version of his shareware CPU frequency, voltage and temperature monitoring program.
    The new version, a 600 kilobyte download, adds support for Apple’s new unibody MacBooks as well as repairs the following bugs and features:

  • Fixed a bug adding invalid values to the frequency selector.
  • Fixed an issue with the throttling level selector.
  • Additional fixes to support the new unibody models.
  • CoolBook 2.13 retails for a US$10 shareware registration fee and requires Mac OS X 10.4 or later and an Intel-based Mac to run.
    If you’ve tried the program and have either positive or negative feedback about it, let us know over in the forums.

    (more…)

    Apple Releases Security Update 2009-001

    Posted by:
    Date: Friday, February 13th, 2009, 09:56
    Category: Software

    applesecurity.jpg
    Making Friday a somewhat official update-o-rama, Apple released Security Update 2009-001, its first collection of security fixes for the new year.
    The 43.4 megabyte download contains the following fixes and features:

  • AFP Server:
    Impact: A user with the ability to connect to AFP Server may be a able to trigger a denial of service
    Description: A race condition in AFP Server may lead to an infinite loop. Enumerating files on an AFP server may lead to a denial of service. This update addresses the issue through improved file enumeration logic. This issue only affects systems running Mac OS X v10.5.6.
  • Apple Pixlet Video:
    Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exist in the handling of movie files using the Pixlet codec. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
  • CarbonCore:
    Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in Resource Manager’s handling of resource forks. Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of resource forks. Credit: Apple.
  • CFNetwork:
    Impact: Restores proper operation of cookies with null expiration times
    Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. Cookies may not be properly set if a web site attempts to set a session cookie by supplying a null value in the “expires” field, rather than omitting the field. This update addresses the issue by ignoring the “expires” field if it has a null value.
  • CFNetwork:
    Impact: Restores proper operation of session cookies across applications
    Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. CFNetwork may not save cookies to disk if multiple open applications attempt to set session cookies. This update addresses the issue by ensuring that each application stores its session cookies separately.
  • Certificate Assistant:
    Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant
    Description: An insecure file operation exists in Certificate Assistant’s handling of temporary files. This could allow a local user to overwrite files with the privileges of another user who is running Certificate Assistant. This update addresses the issue through improved handling of temporary files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • ClamAV:
    Impact: Multiple vulnerabilities in ClamAV 0.94
    Description: Multiple vulnerabilities exist in ClamAV 0.94, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.94.2. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/.
  • CoreText:
    Impact: Viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow may occur when processing Unicode strings in CoreText. Using CoreText to handle maliciously crafted Unicode strings, such as when viewing a maliciously crafted web page, may result in an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rosyna of Unsanity for reporting this issue.
  • CUPS:
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination
    Description: Exceeding the maximum number of RSS subscriptions results in a null pointer dereference in the CUPS web interface. This may lead to an unexpected application termination when visiting a maliciously crafted website. In order to trigger this issue, valid user credentials must either be known by the attacker or cached in the user’s web browser. CUPS will be automatically restarted after this issue is triggered. This update addresses the issue by properly handling the number of RSS subscriptions. This issue does not affect systems prior to Mac OS X v10.5.
  • DS Tools:
    Impact: Passwords supplied to dscl are exposed to other local users
    Description: The dscl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users and administrators. This update makes the password parameter optional, and dscl will prompt for the password if needed. Credit: Apple.
  • fetchmail:
    Impact: Multiple vulnerabilities in fetchmail 6.3.8
    Description: Multiple vulnerabilities exist in fetchmail 6.3.8, the most serious of which may lead to a denial of service. This update addresses the issues by updating to version 6.3.9. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
  • Folder Manager:
    Impact: Other local users may access the Downloads folder
    Description: A default permissions issue exists in Folder Manager. When a user deletes their Downloads folder and Folder Manager recreates it, the folder is created with read permissions for everyone. This update addresses the issue by having Folder Manager limit permissions so that the folder is accessible only to the user. This issue only affects applications using Folder Manager. This issue does not affect systems prior to Mac OS X v10.5. Credit to Graham Perrin of CENTRIM, University of Brighton for reporting this issue.
  • FSEvents:
    Impact: Using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available
    Description: A credential management issue exists in fseventsd. By using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available. This includes the name of a directory which the user would not otherwise be able to see, and the detection of activity in the directory at a given time. This update addresses the issue through improved credential validation in fseventsd. This issue does not affect systems prior to Mac OS X v10.5. Credit to Mark Dalrymple for reporting this issue.
  • Network Time:
    Impact: The Network Time service configuration has been updated
    Description: As a proactive security measure, this update changes the default configuration for the Network Time service. System time and version information will no longer be available in the default ntpd configuration. On Mac OS X v10.4.11 systems, the new configuration takes effect after a system restart when Network Time service is enabled.
  • perl:
    Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of certain UTF-8 characters in regular expressions. Parsing maliciously crafted regular expressions may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of regular expressions.
  • Printing:
    Impact: A local user may obtain system privileges
    Description: An error handling issue exists in csregprinter, which may result in a heap buffer overflow. This may allow a local user to obtain system privileges. This update addresses the issue through improved error handling. Credit to Lars Haulin for reporting this issue.
  • python:
    Impact: Multiple vulnerabilities in python
    Description: Multiple vulnerabilities exist in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project.
  • Remote Apple Events:
    Impact: Sending Remote Apple events may lead to the disclosure of sensitive information
    Description: An uninitialized buffer issue exists in the Remote Apple Events server, which may lead to disclosure of memory contents to network clients. This update addresses the issue through proper memory initialization. Credit: Apple.
  • Remote Apple Events:
    Impact: Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information
    Description: An out-of-bounds memory access exits in Remote Apple Events. Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information to network clients. This update addresses the issue through improved bounds checking. Credit: Apple.
  • Safari RSS:
    Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
    Description: Multiple input validation issues exist in Safari’s handling of feed: URLs. esp issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
  • servermgrd:
    Impact: Remote attackers may be able to access Server Manager without valid credentials
    Description: An issue in Server Manager’s validation of authentication credentials could allow a remote attacker to alter the system configuration. This update addresses the issue through additional validation of authentication credentials. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • SMB:
    Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges
    Description: An integer overflow in SMB File System may result in a heap buffer overflow. Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • SMB:
    Impact: Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown
    Description: A memory exhaustion issue exists in the SMB File System’s handling of file system names. Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown. This update addresses the issue by limiting the amount of memory allocated by the client for file system names. Credit: Apple.
  • SquirrelMail:
    Impact: Multiple vulnerabilities in SquirrelMail
    Description: SquirrelMail is updated to version 1.4.17 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/
  • X11:
    Impact: Multiple vulnerabilities in X11 server
    Description: Multiple vulnerabilities exist in X11 server. The most serious of these may lead to arbitrary code execution with the privileges of the user running the X11 server, if the attacker can authenticate to the X11 server. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security
  • X11:
    Impact: Multiple vulnerabilities in FreeType v2.1.4
    Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by incorporating the security fixes from version 2.3.6 of FreeType. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.
  • X11:
    Impact: Multiple vulnerabilities in LibX11
    Description: Multiple vulnerabilities exist in LibX11, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security These issues do not affect systems running Mac OS X v10.5 or later.
  • XTerm:
    Impact: A local user may send information directly to another user’s Xterm
    Description: A permissions issue exists in Xterm. When used with luit, Xterm creates tty devices accessible by everyone. This update addresses the issue by having Xterm limit the permissions so tty devices are accessible only by the user.
  • Security Update 2009-001 requires Mac OS X 10.5 or later to install and run.
    If you’ve tried the update and noticed any changes, please let us know in the comments or forums.

    (more…)

    Apple Releases Java for OS X 10.5 Update 3

    Posted by:
    Date: Friday, February 13th, 2009, 08:39
    Category: Software

    applelogo1.jpg
    Early Friday, Apple released its Java for Mac OS X 10.5 Update 3 patch. The 3.1 megabyte download, adds the following fix:

  • Java: Impact: Multiple vulnerabilities in Java Web Start and Java Plug-in
    Description: Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user. This update provides patches for the Java Bug IDs 6694892, 6707535, 6727081 and 6767668 from Sun Microsystems.
  • The update requires Mac OS X 10.5 or later to install and run.
    If you’ve tried the update and have any feedback to offer, let us know in the comments or forums.

    (more…)

    iPhoneBugList.com Gathers iPhone Issues, Bugs and Feature requests

    Posted by:
    Date: Tuesday, July 24th, 2007, 09:34
    Category: iPhone

    This site is a great idea. Instead of everyone blogging their complaints separately, why not post them all in one location? If you have an iPhone, the best way to use the site is to make your bug/wish list first. Then go to iPhoneBugList.com and add the ones that they don’t already have on the list.

    We hope you find this a useful method to see the outstanding issues and requests for the iPhone. It is wide open without the need for registration… This is a brand new site and it is getting worked on as you view it. Still adding features and help.

    iPhoneBugList.com

    Tags: , , , ,

    (more…)

    The Apple Core: iTunes 7 and iPod 1.2 update confound users

    Posted by:
    Date: Friday, September 22nd, 2006, 08:00
    Category: The Apple Core

    sad-ipod.jpgWhen Steve Jobs announced iTunes 7 I couldn’t reload the download page fast enough. I was anxious to try out the first whole number upgrade to Apple’s venerable jukebox application in almost a year. In the 10 or so days that I’ve been using the new iTunes I’ve had little or no problems with it. Unfortunately others haven’t been so lucky.
    Read the rest of the story on my ZDNet Blog: The Apple Core.

    (more…)